Why we're following it: This week Kirsch is launching OneID for what he calls the "next-generation PayPal" for digital identities. Kirsch says the basic technology, developed with engineers Jim Fenton, Adam Back and Bobby Beckman, is integrated into websites to let users create their own digital identities and hold payment information securely and use it as a form-filling capability. Kirsch also says the firm in the future intends to tackle hard identity issues such as proving age, citizenship and residency. It's a change-the-world infrastructure play, and OneID wouldn't be the first to find out it's hard to change the world. But one company, Salsa Labs, which handles payments and marketing services for about 2,000 nonprofit organizations, says it's integrating the identity and payment technology into its platform and OneID says to expect to hear from other companies supporting it in the future.

Why we're watching it: Mark Hughes, director of marketing and sales for the startup, admits it can be hard to get a good phone connection in this rural area of Vermont. But that didn't stop company founder Dave Porcello from coming up with vulnerability-assessment penetrating tools, including one called PwnPlug, that range in price from about $570 to $800. The network penetration tools, largely based on open source, compete with those from Core Security and Rapid7, among others. Pwnie Express is tiny, but with about $300,000 in revenues last year, was profitable.

Why we're watching it: The firm is out to work with banks and any other type of organization that finds there are plenty of fraud attempts in telephone calls from crooks pretending to be customers. Banks are always looking for new ways to augment the measures they have in place to detect phone fraud, and according to Johnny Baker, Pindrop Security's vice president of sales and business development, the firm's technology is an alternative to caller ID. It can pick up dozens of separate technical factors related to a voice call and put them together into an audio fingerprint of the caller and the call path. This can be used to flag suspicious calls. The firm can't disclose customers but Baker says interest in high not only in the banking industry but national intelligence agencies.

Why we're watching it: Click Security, which just released a product called the Automated Security Analytics Platform (ASAP), is out to provide real-time information to detect stealthy infiltrators into the corporate network. ASAP does that by aggregating information widely across the network, but the co-founders reject being bracketed in the security information and event management (SIEM) category, claiming ASAP breaks new ground in threat detection. Some analysts agree. "While some of the things they do are similar to what SIEM vendors claim to do, they are much more than a central repository for log data," says Richard Stiennon, chief research analyst with consultancy IT-Harvest. "Click Security has more in common with threat-intelligence services such as Unveillance, ShadowServer or Seculert, combined with NetWitness or Solara Networks." ASAP is being used by about half a dozen companies, though none have been disclosed.

PorticorHeadquarters: Tel Aviv, Israel Founded: 2010 Funding: Glilot Capital for about $1 million Leader: Gilad Parann-Nissany, co-founder and CEO Fun fact: Co-founder Yaron Sheffer was formerly technology manager at Check Point and is currently co-chairman of the IETF IPSECME committee.

Why we're watching it: Porticor is tackling the timely problem of encrypting data at rest in cloud-based computing centers where customers rent disk space or servers. What Porticor does that's unique is it's come up with a "split key" method in which the service to encrypt and decrypt doesn't work unless both pieces of the key are together. According to Parann-Nissany, the enterprise holds the "master key," and the idea is to foster trust by putting the customer in complete control. The service provider doesn't even see the mater key in the encryption method that's applied based on AES 256 or Blowfish. At least one enterprise, the assurance, tax and consulting firm McGladrey & Pullen, is trialing the encryption service now.

Why we're watching it: WWPass, which debuted last month, has the ambitious goal of revolutionizing how users authenticate to websites through WWPass technology that will give users single sign-on capability and crypto-based authentication that lets users manage their own encryption keys. Neither WWPass nor the website knows what they keys are or who the users are. The user just needs the PassKey, available as USB fobs, smartphone apps and card form factors. It could be used with the near-field communication technology coming into use for smartphones, says Eric Scace, chief strategy officer. Under the business model, the plan is to charge service providers supporting WWPass authentication about $5 per 1,000 authentications. It could be an uphill battle to get attention for something as novel as PassKey, but WWPass execs say they knows there's a business need for it.

StopTheHackerHeadquarters: San Francisco Founded: 2009 Funding: Undisclosed amount from Runa Capital and private investors, plus a $600,000 research grant from National Science Foundation Leader: Peter Jensen, CEO Fun fact: Co-founder Michalis Faloutsos is a computer science professor at University of California, Riverside, who is teaming with research student Anirban Banerjee, StopTheHacker's co-founder and now its vice president of research and development.

Why we're following it: Malware that hackers embed onto websites to launch iFrame and JavaScript code attacks and other assaults on visitors remains a problem, and StopTheHacker is out to, well, stop it by detecting it through largely behavior-based methods and Web crawling. The company, which debuted last month, isn't the first to try, of course, and will be competing against firms such as Armorize and Dasient (recently acquired by Twitter). Some early adopters, including Maryland-based Christopher Imaging, say it works.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.